From dc6b86b93c8f059b0cc96c364ffad05c88b7d92e Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs@samba.org>
Date: Fri, 22 Aug 2014 09:15:59 -0700
Subject: [PATCH] s3-winbindd: Use correct realm for trusted domains in idmap child

When authenticating users in a trusted domain, the idmap_ad module
always connects to a local DC instead of one in the trusted domain.

Fix this by passing the correct realm to connect to.

Also Comment parameters passed to ads_cached_connection_connect

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c203c722e7e22f9146f2ecf6f42452c0e82042e4)
---
 source3/winbindd/winbindd_ads.c |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 4c26389..e47613e 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -187,8 +187,15 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
 		}
 	}
 
-	status = ads_cached_connection_connect(adsp, realm, dom_name, ldap_server,
-					       password, realm, 0);
+	status = ads_cached_connection_connect(
+		adsp,			/* Returns ads struct. */
+		wb_dom->alt_name,	/* realm to connect to. */
+		dom_name,		/* 'workgroup' name for ads_init */
+		ldap_server,		/* DNS name to connect to. */
+		password,		/* password for auth realm. */
+		realm,			/* realm used for krb5 ticket. */
+		0);			/* renewable ticket time. */
+
 	SAFE_FREE(realm);
 
 	return status;
-- 
1.7.1